Newbie Security Question
James A. Coulter
jacoulter at jacoulter.net
Fri Aug 6 06:26:13 PDT 2004
I recently got my firewall up and configured (many thanks to JJB and everyone else for their help) and have been reading the daily security message from root with a great deal of interest.
My question is, when I see entries like this:
Aug 5 17:55:54 sara sshd[2099]: Failed password for root from 209.120.224.13
+port 40515 ssh2
Aug 5 17:55:55 sara sshd[2101]: Failed password for root from 209.120.224.13
+port 60426 ssh2
Aug 5 17:55:55 sara sshd[2103]: Failed password for root from 209.120.224.13
+port 54447 ssh2
Aug 5 17:55:59 sara sshd[2105]: Failed password for root from 209.120.224.13
+port 44460 ssh2
is it safe to assume someone has been trying to hack my system?
I did a whois search on the IP and it went to a provider in Colorado.
I'm asking because I'm curious - thanks again for everyone's help.
Jim C.
More information about the freebsd-questions
mailing list